In the last post from
there is code which works for me. Maybe it'll help

On Sep 26, 10:30 pm, Doug <> wrote:
> Hi folks,
> I have been banging my head against the wall trying to figure out why
> I keep getting 'failed to validate oauth signature and token' when
> requesting the access token usingxauth.  I did getxauthenabled,
> however I should point out there is nothing indicating this in the
> app's detail page. Should there be?
> For sake of debugging, I am using thexAuthtutorial fields located
> here:
> it looks quite identical.  I understand the timestamps, keys, and
> nonce would be invalid, I just wanted to check things out:
> Body:
> x_auth_username=oauth_test_exec&x_auth_password=twitter-
> xauth&x_auth_mode=client_auth
> Authorization header field:
> oauth_consumer_key="JvyS7DO2qd6NNTsXJ4E7zA",
> oauth_signature_method="HMAC-SHA1",
> oauth_signature="1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D",
> oauth_timestamp="1284565601",
> oauth_nonce="6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo",
> oauth_version="1.0"
> Signature base string:
> %2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA
> %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo
> %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp
> %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth
> %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec
> URL:
> If I turn all the fields to 'real' I will get the same error as the
> above code does.  Hearing that time can cause this I can say that my
> clock is only off a few seconds from my cell phone and I am using
> time(null) to snag the value.  I assume that is seconds since 1970
> without timezone interference.
> Any ideas?

Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:

Reply via email to